Lecture 16 Public Key Certification and Revocation
|
|
- Arron O’Connor’
- 5 years ago
- Views:
Transcription
1 Lecture 16 Public Key Certification and Revocation 1 CertificationTree / Hierarchy Logical tree of CA-s root PK root [PK CA1 CA1 ]SK root CA3 [PK CA3 ]SK root [PK CA2 CA2 ]SK CA1 CA4 [PK CA4 ]SK CA3 2 1
2 Hierarchical PKI Example UCI UCSB UCSD UCR CAs End users 3 Hierarchical PKI Example Upper level CAs CAs UCI UCOP UCLA CSUN CSOP CSULB End users gtsudik@uci.edu 4 2
3 Hierarchical PKI Example Root CA Upper level CAs State Govt. CAs End users 5 Cross Certificate Based PKI Example CAs End users 6 3
4 Cross Certificate Based PKI Example CAs UC System UMass UTexas End users Cross certificates 7 Hybrid PKI example Note that no cross arrows down or up! 8 4
5 Derived from PKI Certificate Paths 9 Certificate Paths 10 5
6 Certificate Paths Verifier must know public key of the first CA Other public keys are discovered one by one All CAs on the path must be (implicitly) trusted by the verifier 11 X.509 Standard X.509v3 is the current version ITU standard ISO is the equivalent ISO standard Defines certificate format, not PKI Identity and attribute certificates Supports both hierarchical model and cross certificates End users cannot be CAs 12 6
7 X.509 Service Assumes a distributed set of servers maintaining a database about certificates Used in S/MIME, IPSec, SSL/TLS, SET. RSA, DSA, MD5*, * are most commonly used algorithms 13 Format: version serial number signature algorithm ID issuer name(x.500 Distinguished Name) validity period subject(user) name (X500 Distinguished Name) subject public key information issuer unique identifier (version 2 and 3 only) subject unique identifier (version 2 and 3 only) extensions (version 3 only) signature on the above fields 14 7
8 X.509 Certificate Format 15 A sample certificate Certificate: Data: Version: 3 (0x2) Serial Number: 28 (0x1c) Signature Algorithm: md5withrsaencryption Issuer: C=US, O=Globus, CN=Globus Certification Authority Validity Not Before: Apr 22 19:21: GMT Not After : Apr 22 19:21: GMT Subject: C=US, O=Globus, O=University of Southern California, \ ou=isi, CN=bonair.isi.edu Subject Public Key Info: Public Key Algorithm: rsaencryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:bf:4c:9b:ae:51:e5:ad:ac:54:4f:12:52:3a:69: <snip> b4:e1:54:e7:87:57:b7:d0:61 Exponent: (0x10001) Signature Algorithm: md5withrsaencryption 59:86:6e:df:dd:94:5d:26:f5:23:c1:89:83:8e:3c:97:fc:d8: <snip> 16 8
9 Certificates in Practice X.509 certificate format is defined in Abstract Syntax Notation 1 (ASN.1) ASN.1 structure is encoded using the Distinguished Encoding Rules (DER) A DER-encoded binary sting is typically base-64 encoded to get an ASCII representation 17 Certificates in Practice -----BEGIN CERTIFICATE----- MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv cgvhbibjq0utvevmihbyb2ply3qxizahbgnvbastglyzlunlcnrpzmljyxrpb24g QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA qkhty0kbk8pdc2yievxefmri+vkg3gklxmi/veexqm7kqsmfmyovmt72l+g0uf9e BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG nekindrmdcpu/ngietmwhqydvr0obbyefjfc4b8gjsormlux4sq/uciyimrpma4g A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0 YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0 dha6ly93d3cuz21klmrlghdzyxr1cm4uzgfybxn0ywr0lmdtzc5kzarcmsewhwyd VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42 Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ= -----END CERTIFICATE
10 Certificate Revocation Scenario What if: Bob s CA goes berserk? Bob forgets his private key? Someone steals Bob s private key? Bob looses his private key? Bob willingly discloses his private key? Eve can decrypt/sign while Bob s certificate is still valid... Bob reports key loss to CA (or CA finds out somehow) CA issues a Certificate Revocation List (CRL) Distributed in public announcements Published in public databases When verifying Bob s signature or encrypting a message for Bob, Alice first checks if Bob s certificate is still valid! IMPORTANT: what about signatures Bob generated before he realized his key is lost? 19 More generally: Certificate is a capability! Certificate revocation needs to occur when: certificate holder key compromise/loss CA key compromise end of contract (e.g. certificates for employees) Certificate Revocation Lists (CRLs) hold the list of certificates that are not yet naturally expired but revoked Reissued periodically (even if no activity!) More on revocation later 20 10
11 Requirements for revocation Timeliness Must check most recent revocation status Efficiency Computation Bandwidth and storage Availability Security 21 Types of Revocation Implicit Explicit Each certificate is periodically (ore-issued Alice has a fresh certificate è Alice not revoked No need to distribute/publish revocation info Only revoked certificates are periodically announced Alice s certificate not listed among the revoked è Alice not revoked Need to distribute/publish revocation info 22 11
12 Revocation methods CRL - Certificate Revocation List CRL-DP, indirect CRL, dynamic CRL-DP, delta-crl, windowed CRL, etc. CRT and other Authenticated Data Structures OCSP On-line Certificate Status Protocol CRS - Certificate Revocation System 23 CRL Off-line mechanism CRL = list of revoked certificates (e.g., SNs) signed by a revocation authority (RA) RA not always CA that issued the revoked PKC Periodically issued: daily, weekly, monthly, etc
13 Pros & Cons of CRLs Pros Simple Don t need secure channels for CRL distribution Cons Timeliness: window of vulnerability CRLs can be huge How to distribute CRLs reliably? 25 X.509 CRL Format 26 13
14 PKI and Revocation On January 29 and 30, 2001, VeriSign, Inc. issued two certificates for Authenticode Signing to an individual fraudulently claiming to be an employee of Microsoft Corporation. Any code signed by these certificates appears to be legitimately signed by Microsoft. Users who try to run code signed with these certificates will generally be presented with a warning dialog, but who wouldn't trust a valid certificate issued by VeriSign, and claimed to be for Microsoft? Certificates were very soon placed in a CRL, but: code that checks signatures for ActiveX controls, Office Macros, and so on, didn't do any CRL processing. According to Microsoft: since the certificates don't include a CRL Distribution Point (DP), it's impossible to find and use the CRL! 27 Certificate Revocation Tree (CRT) proposed by P. Kocher (1998) based on hash trees hash trees first proposed by R. Merkle in another context in 1979 (one-time signatures) improvement to Lamport-Diffie OTS scheme based on the following idea: A wants to sign a bit of information. A gives B the image (y) produced as y=f(x) Eventually A reveals the pre-image: x B checks that: y=f(x) 28 14
15 CRT contd. express ranges of SN of PKC s as tree leaf labels: E.g., ( ) means: 5 and 12 are revoked, the others larger than 5 and smaller than 12 are okay Place the hash of the range in the leaf response includes the corresponding tree leaf, the necessary hash values along the path to the root, the signed root the CA periodically updates the structure and distributes to un-trusted servers called Confirmation Issuers 29 query: Is 67 revoked? Signed root (N 3,0 ) Example of CRT N 0,0 N 2,0 N 1,0 N 0,1 N 0,2 N 1,1 N 0,3 N 0,4 N 2,1 N 1,2 N 0,5 N 0,6 N 1,3 N 0,7 (- to 7) (7 to 23) (23 to 27) (27 to 37) (37 to 49) (49 to 54) (54 to 88) (88 to + ) 30 15
16 Characteristics of CRT each response represents a proof length of proof is: O(log n) Much shorter than CRL which is O(n) Where n is # of revoked certificates only one real signature for tree root (can be done off-line) 31 Explicit Revocation: OCSP OCSP = On-line Certificate Status Protocol (RFC 2560) - June 1999 In place of or, as a supplement to, checking CRLs Obtain instantaneous status of a PKC OCSP may be used in sensitive, volatile settings, e.g., stock trades, electronic funds transfer, military 32 16
17 OCSP players 1. Cert request Bob 2. Bob CA OCSP responder 6. Transaction response 5. OCSP response / Error message 3. Transaction + Alice 4. OCSP request request 33 OCSP definitive response all definitive responses have to be signed: either by issuing CA or by a Trusted Responder (OCSP client trusts the TR s PKC) or by a CA Authorized Responder which has a special PKC (issued by the CA) saying that it can issue OCSP responses on CA s behalf 34 17
18 Responses for each certificate Response format: target PKC SN PKC status: good - positive answer revoked - permanently/temporarily (on-hold) unknown - responder doesn t know about the certificate being requested response validity interval optional extensions 35 Special Timing Fields A response contain three timestamps: thisupdate - time at which the status being indicated is known to be correct nextupdate - time at or before which newer information will be available producedat - time at which the OCSP responder signed this response. Useful for response pre-production 36 18
19 Security Considerations on-line method DoS vulnerability flood of queries + generating signatures! unsigned responses à false responses pre-computing responses offers some protection against DoS, but pre-computing responses allows replay attacks (since no nonce included) but OCSP signing key can be kept offline 37 Open questions Consistency between CRL and OCSP responses possible to have a certificate with two different statuses. If OCSP is more timely and provides the same information as CRLs, do we still need CRLs? Which method should come first - OCSP or to CRL? 38 19
20 Implicit Revocation: Certificate Revocation System (CRS) proposed by Micali (1996) aimes to improve CRL communication costs / size basic idea: signing a message for every certificate stating its status use of off-line/on-line signature scheme to reduce update cost 39 CRS: creation of a certificate Two new parameters in PKC: Y MAX and N Y MAX =H MAX (Y 0 ) N=H(N 0 ) [ Y 0, N 0 ] -- per-pkc secrets stored by CA H() -- public one-way function 40 20
21 How CRS works CA daily update U k for each certificate C k Directory -if still valid, U k =Y 365-i = H 365-i (Y 0 ) -if revoked, U k =N 0 NOTE: i=0 at the issuance date Verifier 41 21
Lecture 14. Public Key Certification and Revocation
Lecture 14 Public Key Certification and Revocation 1 CertificationTree / Hierarchy Logical tree of CA-s root PK root CA1 [PKCA1]SKroot CA3 [PK CA3 ]SK root [PK CA2 CA2 ]SK CA1 CA4 [PK CA4]SK CA3 2 Hierarchical
More informationICS 180 May 4th, Guest Lecturer: Einar Mykletun
ICS 180 May 4th, 2004 Guest Lecturer: Einar Mykletun 1 Symmetric Key Crypto 2 Symmetric Key Two users who wish to communicate share a secret key Properties High encryption speed Limited applications: encryption
More informationPKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures
Public Key Infrastructures Public Key Infrastructure Definition and Description Functions Components Certificates 1 2 PKI Services Security Between Strangers Encryption Integrity Non-repudiation Key establishment
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More informationPublic-Key Infrastructure NETS E2008
Public-Key Infrastructure NETS E2008 Many slides from Vitaly Shmatikov, UT Austin slide 1 Authenticity of Public Keys? private key Alice Bob public key Problem: How does Alice know that the public key
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationLecture Notes 14 : Public-Key Infrastructure
6.857 Computer and Network Security October 24, 2002 Lecture Notes 14 : Public-Key Infrastructure Lecturer: Ron Rivest Scribe: Armour/Johann-Berkel/Owsley/Quealy [These notes come from Fall 2001. These
More informationPublic Key Establishment
Public Key Establishment Bart Preneel Katholieke Universiteit Leuven February 2007 Thanks to Paul van Oorschot How to establish public keys? point-to-point on a trusted channel mail business card, phone
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationLecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.
Lecture 13 Public Key Distribution (certification) 1 PK-based Needham-Schroeder TTP 1. A, B 4. B, A 2. {PKb, B}SKT B}SKs 5. {PK a, A} SKT SKs A 3. [N a, A] PKb 6. [N a, N b ] PKa B 7. [N b ] PKb Here,
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution
Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationPublic Key Infrastructures
Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu,
More informationWhat is a Digital Certificate? Basic Problem. Digital Certificates, Certification Authorities, and Public Key Infrastructure. Sections
Digital Certificates, Certification Authorities, and Public Key Infrastructure Sections 14.3-14.5 Basic Problem What does a public-key signature verification tell you? Verification parameters include public
More informationDigital Certificates, Certification Authorities, and Public Key Infrastructure. Sections
Digital Certificates, Certification Authorities, and Public Key Infrastructure Sections 14.3-14.5 Basic Problem What does a public-key signature verification tell you? Verification parameters include public
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 8: Protocols for public-key management Ion Petre Department of IT, Åbo Akademi University 1 Key management two problems
More informationPROVING WHO YOU ARE TLS & THE PKI
PROVING WHO YOU ARE TLS & THE PKI CMSC 414 MAR 29 2018 RECALL OUR PROBLEM WITH DIFFIE-HELLMAN The two communicating parties thought, but did not confirm, that they were talking to one another. Therefore,
More informationLecture 15 Public Key Distribution (certification)
0 < i < 2 n = N X i,y i random secret keys index i = random (secret) value Merkle s Puzzles (1974) Puzzle P i = {index i,x i,s} Y i S fixed string, e.g., " Alice to Bob" { P 0 < i < 2 i n } Pick random
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationCrypto meets Web Security: Certificates and SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationKey Management and Distribution
2 and Distribution : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 css441y15s2l10, Steve/Courses/2015/s2/css441/lectures/key-management-and-distribution.tex,
More informationIntroduction to Cryptography Lecture 10
Introduction to Cryptography Lecture 10 Digital signatures, Public Key Infrastructure (PKI) Benny Pinkas January 1, 2012 page 1 Non Repudiation Prevent signer from denying that it signed the message I.e.,
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationTen Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier
Presented by Joshua Schiffman & Archana Viswanath Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier Trust Models Rooted Trust Model! In a
More information6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename
6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename Certificate formats (DER, PEM, PKCS #12) 6.2 Certificate Authorities
More informationIntroduction to Cryptography Lecture 11
Introduction to Cryptography Lecture 11 Benny Pinkas page 1 Certification Authorities (CA) A method to bootstrap trust Start by trusting a single party and knowing its public key Use this to establish
More informationUsing Cryptography CMSC 414. October 16, 2017
Using Cryptography CMSC 414 October 16, 2017 Digital Certificates Recall: K pub = (n, e) This is an RSA public key How do we know who this is for? Need to bind identity to a public key We can do this using
More informationBlocked Hash-Tree Status and Entitlement System
Blocked Hash-Tree Status and Entitlement System Frank W. Sudia www.fwsudia.com September, 2000 1. Synopsis This paper describes a new technology for fast, lightweight, and secure confirmation of information
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationX.509. CPSC 457/557 10/17/13 Jeffrey Zhu
X.509 CPSC 457/557 10/17/13 Jeffrey Zhu 2 3 X.509 Outline X.509 Overview Certificate Lifecycle Alternative Certification Models 4 What is X.509? The most commonly used Public Key Infrastructure (PKI) on
More informationExpires in 6 months September Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP <draft-ietf-pkix-ocsp-00.
HTTP/1.1 200 OK Date: Tue, 09 Apr 2002 06:26:11 GMT Server: Apache/1.3.20 (Unix) Last-Modified: Thu, 23 Oct 1997 15:29:00 GMT ETag: "304c31-471a-344f6d3c" Accept-Ranges: bytes Content-Length: 18202 Connection:
More informationServer-based Certificate Validation Protocol
Server-based Certificate Validation Protocol Digital Certificate and PKI a public-key certificate is a digital certificate that binds a system entity's identity to a public key value, and possibly to additional
More informationCSC 5930/9010 Modern Cryptography: Public-Key Infrastructure
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure Professor Henry Carter Fall 2018 Recap Digital signatures provide message authenticity and integrity in the public-key setting As well as public
More informationInternet Engineering Task Force (IETF) Request for Comments: 6961 June 2013 Category: Standards Track ISSN:
Internet Engineering Task Force (IETF) Y. Pettersen Request for Comments: 6961 June 2013 Category: Standards Track ISSN: 2070-1721 Abstract The Transport Layer Security (TLS) Multiple Certificate Status
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationECE 646 Lecture 3. Key management
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution Using the same key for multiple
More informationBugzilla ID: Bugzilla Summary:
Bugzilla ID: Bugzilla Summary: CAs wishing to have their certificates included in Mozilla products must 1) Comply with the requirements of the Mozilla CA certificate policy (http://www.mozilla.org/projects/security/certs/policy/)
More informationUnderstanding HTTPS CRL and OCSP
Understanding HTTPS CRL and OCSP Santhosh J PKI Body of Knowledge: Development & Dissemination Centre for Development of Advanced Computing (C-DAC) Bangalore Under the Aegis of Controller of Certifying
More informationX.509 CERTIFICATE X.509 CERTIFICATE PUBLIC-KEY CERTIFICATES THE CERTIFICATE TRIANGLE CERTIFICATE TRUST. INFS 766 Internet Security Protocols
INFS 766 Internet Security Protocols X.509 CERTIFICATE Lecture 6 Digital Certificates VERSION SERIAL NUMBER SIGNATURE ALGORITHM ISSUER VALIDITY Prof. Ravi SUBJECT SUBJECT PUBLIC KEY INFO SIGNATURE 4 PUBLIC-KEY
More informationSpecification document for OCSP
Nets DanID A/S Lautrupbjerg 10 DK 2750 Ballerup T +45 87 42 45 00 F +45 70 20 66 29 info@danid.dk www.nets-danid.dk CVR no. 30808460 Specification document for OCSP DanID A/S 4 June 2014 Page 1-11 Table
More informationPKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006
PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationAcknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications
CSE565: Computer Security Lectures 16 & 17 Authentication & Applications Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 Lec 16.1 Acknowledgments Material for some
More informationPUBLIC-KEY CERTIFICATES
INFS 766 Internet Security Protocols Lecture 6 Digital Certificates Prof. Ravi Sandhu PUBLIC-KEY CERTIFICATES reliable distribution of public-keys public-key encryption sender needs public key of receiver
More informationOverview of Authentication Systems
Overview of Authentication Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
More informationCertificates, Certification Authorities and Public-Key Infrastructures
(Digital) Certificates Certificates, Certification Authorities and Public-Key Infrastructures We need to be sure that the public key used to encrypt a message indeed belongs to the destination of the message
More informationWHITEPAPER. Vulnerability Analysis of Certificate Validation Systems
WHITEPAPER Vulnerability Analysis of Certificate Validation Systems The US Department of Defense (DoD) has deployed one of the largest Public Key Infrastructure (PKI) in the world. It serves the Public
More informationLecture 4: Cryptography III; Security. Course Administration
Lecture 4: Cryptography III; Email Security CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Course Administration HW/Lab 1 Posted Due at 11am on Sep 29 Labs are active starting this week
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationCourse Administration
Lecture 6: Hash Functions, Message Authentication and Key Distribution CS 392/6813: Computer Security Fall 2010 Nitesh Saxena *Adopted from Previous Lectures by Nasir Memon Course Administration HW3 was
More informationOCSP Client Tool V2.2 User Guide
Ascertia Limited 40 Occam Road Surrey Research Park Guildford Surrey GU2 7YG Tel: +44 1483 685500 Fax: +44 1483 573704 www.ascertia.com OCSP Client Tool V2.2 User Guide Document Version: 2.2.0.2 Document
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationCertificate Revocation: What Is It and What Should It Be
University of the Aegean De Facto Joint Research Group Certificate Revocation: What Is It and What Should It Be John Iliadis 1,2, Stefanos Gritzalis 1 1 Department of Information and Communication Systems
More informationBart Preneel PKI. February Public Key Establishment. PKI Overview. Keys and Lifecycle Management. How to establish public keys?
art Preneel How to establish public keys? Public Key Establishment art Preneel Katholieke Universiteit Leuven Thanks to Paul van Oorschot point-to-point on a trusted channel mail business card, phone direct
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationETSI ES V1.1.3 ( )
ES 201 733 V1.1.3 (2000-05) Standard Electronic Signature Formats 2 ES 201 733 V1.1.3 (2000-05) Reference DES/SEC-003007-1 Keywords IP, electronic signature, security 650 Route des Lucioles F-06921 Sophia
More informationSpecification document for OCSP
Nets DanID A/S Lautrupbjerg 10 DK 2750 Ballerup T +45 87 42 45 00 F +45 70 20 66 29 www.nets.dk CVR no. 30808460 Specification document for OCSP Nets DanID A/S 9 March 2015 Page 1-11 Table of Contents
More informationSend documentation comments to
CHAPTER 6 Configuring Certificate Authorities and Digital Certificates This chapter includes the following topics: Information About Certificate Authorities and Digital Certificates, page 6-1 Default Settings,
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationSecurity Protocols and Infrastructures. Winter Term 2015/2016
Security Protocols and Infrastructures Winter Term 2015/2016 Nicolas Buchmann (Harald Baier) Chapter 5: Standards for Security Infrastructures Contents Introduction and naming scheme X.509 and its core
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationCertificates, Trust & PKI. Certificates, Trust & PKI. Brian A. LaMacchia.
Certificates, Trust & PKI Certificates, Trust & PKI Brian A. LaMacchia bal@cs.washington.edu bal@microsoft.com Portions 2002-2006, Brian A. LaMacchia. This material is provided without warranty of any
More informationPublic. Atos Trustcenter. Server Certificates + Codesigning Certificates. Version 1.2
Atos Trustcenter Server Certificates + Codesigning Certificates Version 1.2 20.11.2015 Content 1 Introduction... 3 2 The Atos Trustcenter Portfolio... 3 3 TrustedRoot PKI... 4 3.1 TrustedRoot Hierarchy...
More informationKey management. Pretty Good Privacy
ECE 646 - Lecture 4 Key management Pretty Good Privacy Using the same key for multiple messages M 1 M 2 M 3 M 4 M 5 time E K time C 1 C 2 C 3 C 4 C 5 1 Using Session Keys & Key Encryption Keys K 1 K 2
More informationand Web Security
Email and Web Security Computer Security Lecture 15 David Aspinall School of Informatics University of Edinburgh 3rd March 2008 Outline Secure Email: PGP and S/MIME Issues of trust Web security: transport
More informationGrid Security Infrastructure
Grid Computing Competence Center Grid Security Infrastructure Riccardo Murri Grid Computing Competence Center, Organisch-Chemisches Institut, University of Zurich Oct. 12, 2011 Facets of security Authentication
More informationConfiguring Certificate Authorities and Digital Certificates
CHAPTER 43 Configuring Certificate Authorities and Digital Certificates Public Key Infrastructure (PKI) support provides the means for the Cisco MDS 9000 Family switches to obtain and use digital certificates
More informationETSI TS V1.2.2 ( )
TS 101 733 V1.2.2 (2000-12) Technical Specification Electronic signature formats 2 TS 101 733 V1.2.2 (2000-12) Reference DTS/SEC-004001 Keywords IP, electronic signature, security 650 Route des Lucioles
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Online Certificate Status Protocol (OCSP) University of Tartu Spring 2017 1 / 24 CRL shortcomings: Size of CRLs Online Certificate Status Protocol Client side complexity
More informationDigital signatures: How it s done in PDF
Digital signatures: How it s done in PDF Agenda Why do we need digital signatures? Basic concepts applied to PDF Digital signatures and document workflow Long term validation Why do we need digital signatures?
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationOnline Certificate Status Protocol (OCSP) Extensions
: Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards
More informationAuthentication in Distributed Systems
Authentication in Distributed Systems Introduction Crypto transforms (communications) security problems into key management problems. To use encryption, digital signatures, or MACs, the parties involved
More informationModule: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Kerberos History: from UNIX to Networks (late
More informationCertificate Revocation : A Survey
Certificate Revocation : A Survey Gaurav Jain Computer Science Department University of Pennsylvania. Abstract With the increasing acceptance of digital certificates, there has been a gaining impetus for
More informationSecurity Protocols and Infrastructures
Security Protocols and Infrastructures Dr. Michael Schneider michael.schneider@h-da.de Chapter 5: Standards for Security Infrastructures November 13, 2017 h_da WS2017/18 Dr. Michael Schneider 1 1 Introduction
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationReal-time protocol. Chapter 16: Real-Time Communication Security
Chapter 16: Real-Time Communication Security Mohammad Almalag Dept. of Computer Science Old Dominion University Spring 2013 1 Real-time protocol Parties negotiate interactively (Mutual) Authentication
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationCertification Authority
Certification Authority Overview Identifying CA Hierarchy Design Requirements Common CA Hierarchy Designs Documenting Legal Requirements Analyzing Design Requirements Designing a Hierarchy Structure Identifying
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationKey management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution 1 Using the same key for multiple
More informationCS155b: E-Commerce. Lecture 6: Jan. 25, Security and Privacy, Continued
CS155b: E-Commerce Lecture 6: Jan. 25, 2001 Security and Privacy, Continued FIREWALL A barrier between an internal network & the Internet Protects the internal network from outside attacks Executes administrator-defined
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationDisplaying SSL Configuration Information and Statistics
CHAPTER 7 Displaying SSL Configuration Information and Statistics This chapter describes the show commands available for displaying CSS SSL configuration information and statistics and an explanation of
More informationKey Agreement Schemes
Key Agreement Schemes CSG 252 Lecture 9 November 25, 2008 Riccardo Pucella Key Establishment Problem PK cryptosystems have advantages over SK cryptosystems PKCs do not need a secure channel to establish
More informationAbout & Beyond PKI. Blockchain and PKI. André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich. February 9, 2017
About & Beyond PKI Blockchain and PKI André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich February 9, 2017 1 Agenda Does blockchain secure PKIs in the longterm? Disadvantages of classic PKIs
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationPublic Key Infrastructures. Using PKC to solve network security problems
Public Key Infrastructures Using PKC to solve network security problems Distributing public keys P keys allow parties to share secrets over unprotected channels Extremely useful in an open network: Parties
More informationApple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 1.0 Effective Date: March 12, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationInformation technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
INTERNATIONAL STANDARD ISO/IEC 9594-8:2014 TECHNICAL CORRIGENDUM 2 Published 2016-10-15 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ ORGANISATION INTERNATIONALE
More information